Purpose
The purpose of this policy is to explain how the International Olive Council (IOC) safeguards any information disclosed to the IOC or collected through its website and social media (hereafter referred to as the “site”). Any personal data received by the IOC will be treated in accordance with this policy.
Scope
This policy applies to all processing of personal data. It also applies to the use of IOC social media platforms (X and LinkedIn).
Anonymised data, such as data used for statistical evaluations or studies, is not subject to this policy.
Social media platforms collect and process personal data when users visit them. The IOC has no control over these processes.
Personal data
“Personal data” refers to any information relating to an identified or identifiable natural person (hereafter referred to as a “user” or “visitor”). This includes any individual who can be identified directly or indirectly by reference to an identifier such as a name, identification number, location data or online identifiers (e.g. IP addresses if they can be used to identify an individual), or by reference to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
The IOC recommends that users do not disclose sensitive personal data via the site, such as information relating to racial or ethnic origin, political opinions, religious or other beliefs, physical or mental health, criminal background, etc.
Collection and use of users’ personal data
When accessing IOC web pages, users may have the opportunity to provide personal data such as their name, email address, home address, telephone number or social media account ID. This may occur, for example, when participating in social media features on the site, entering a contest, promotion or survey, completing a form or reporting a problem with the site.
Personal data collected by the IOC will only be used for the purposes for which it was provided by the user.
The IOC encourages users to read this policy carefully in order to understand its practices regarding personal data and how such data is treated.
The categories of personal data IOC may collect, the purpose and the lawful basis
Personal data collected from users may include the following:
| Categories of personal data | Purpose | Legal basis |
|---|---|---|
| Application data (e.g. name, CV, contact details) | Processing this data enables the IOC to administer recruitment processes, including the creation of an electronic applicant HR file, management of applications and organisation of interviews. | Processing is necessary to evaluate applications and, if successful, to enter into a contract with the user. |
| Contact information (e.g. full name, postal address, email address, employer or business information, professional information, job title, telephone number) | Managing and responding to user queries. | Contract performance and legitimate interests — it is important that the IOC can respond to enquiries. |
| Browsing information (IP address, browser information) and information processed through cookies and analytic tools (see section “Collection of non-personal data and use of cookies”) | Monitoring and producing statistical information on the use of IOC platforms, analysing usage and improving functionality. | Legitimate interests — to ensure IOC sites function properly, diagnose server problems and administer IOC sites. |
| Contact information for dissemination of information (email address, name, profile and sector information) | Sending newsletters, informational bulletins and survey requests, and providing updates on the olive market and strategies when the user has subscribed and consented to receive such information or participate in promotional or marketing activities. | User’s explicit consent. |
| Personal data included in business correspondence and related documents (e.g. name, email address, postal address, telephone number, query details) | Communicating with current and prospective suppliers and business partners, particularly via email, including during negotiations, in preparation for or during contract performance, or when responding to a query. | Performance of contract and IOC legitimate interests in conducting business. |
| All information | Establishing and enforcing IOC legal rights and obligations; monitoring to identify and record fraudulent activity; complying with instructions from law enforcement agencies, courts or other legal requirements; general record-keeping and customer relationship management; resolving complaints or disputes. | Legitimate interests. |
The IOC does not collect or retain personal data longer than necessary for the purposes for which it was collected or as required by IOC policies and procedures.
Keeping users informed and communication
With the user’s consent and where appropriate, the IOC may retain the user’s name, address and/or contact information (including telephone numbers and email addresses) in its databases. This information may be used from time to time to inform users about IOC activities and publications that may be of interest to them.
For this purpose, the IOC may contact users in writing, by telephone or by email. If a user decides at any time that they no longer wish their contact information to be used for these purposes, they are requested to inform the IOC (see “How to contact the IOC”).
Right of access, rectification and erasure
Under IOC data privacy regulations, users have the following rights:
- the right to request access to the personal data the IOC holds about them;
- the right to request rectification of inaccurate personal data;
- the right to request restriction of processing of their personal data;
- the right to request the erasure of personal data when it is no longer necessary for the IOC to retain it;
- the right to withdraw consent for any processing for which consent was previously given.
Users wishing to exercise any of these rights are requested to contact the IOC.
Disclosure of personal data to third parties
The IOC may disclose personal data to third parties including, but not limited to:
- third parties providing services to the IOC that support its activities (for example IT support or mailing services);
- the IOC’s legal or professional advisers;
- situations where disclosure is necessary to comply with legal requirements, protect vital interests, safeguard the security or integrity of IOC databases or websites, or insure against legal liability.
The IOC may also engage third parties to manage the site or provide related services, such as data collection or analysis. These parties may have access to personal data as necessary to perform these services on behalf of the IOC. All such parties are required to protect personal data in accordance with this Privacy Policy.
Keeping users’ information secure
The IOC endeavours to implement appropriate technical and physical security measures to protect personal data transmitted to, stored by or otherwise processed by the IOC through its sites. These measures are designed to protect against unlawful destruction, loss, alteration, unauthorised disclosure or unauthorised access.
These measures include computer backups and secured files and facilities. IOC service providers are also carefully selected and required to implement appropriate safeguards.
- pseudonymisation (for example where data is separated from direct identifiers so that linkage to an identity is not possible without additional information held separately) and encryption;
- ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process personal data;
- ensuring the ability to restore the availability of and access to personal data in a timely manner in the event of a physical or technical incident;
- ensuring processes for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
Notwithstanding these measures, the IOC cannot guarantee the security of information transmitted through the site. Users transmit information at their own risk. If users believe that their interaction with the IOC is no longer secure, they are requested to notify the IOC immediately.
Collection of non-personal data and use of cookies
The IOC may use cookies on its sites. Cookies are small text files placed on a user’s device by the web browser. They allow the IOC to recognise returning users, monitor how the site is used and personalise certain aspects of a user’s visit.
Information gathered through cookies is used only on an aggregated basis. Unless visitors specifically provide identifying information — for example by registering on IOC sites, submitting a form or corresponding with the IOC — the IOC cannot identify individual users.
Aggregated information helps the IOC analyse traffic patterns and improve the content and usability of the site.
Users may disable cookies through their browser settings. Instructions for doing so can usually be found in the browser’s help function. Users should note that disabling cookies may affect the functionality of certain features of the IOC sites.
Commitment to data security
The IOC is committed to respecting the privacy of individuals who use its website, IOC-managed social media pages and other forms of electronic communication.
The IOC website includes both a public area and a private area with restricted access.
Amendments to this policy
The IOC reserves the right to amend this Privacy Policy at its sole discretion. Users are encouraged to review this policy regularly to stay informed of any updates.
How to contact the IOC
For questions or concerns regarding IOC privacy policies and practices, users may contact the IOC by email at:
dataprotection@internationaloliveoil.org
